October 23, 2015

Roundtable Roundup: FSR Drives Forward Efforts to Pass CISA


Roundup Newsletter

Roundtable Roundup is FSR’s public-facing newsletter featuring the latest insights on financial services issues on Capitol Hill, action in the Dodd Frank regulatory space and updates on FSR events.


FSR Updates

FSR Drives Forward Efforts to Pass CISA

Damaging amendment beaten back, Senate poised to vote next week

The Cybersecurity Information Sharing Act (CISA) made significant progress on Capitol Hill this week. FSR helped lead a joint trade effort voicing opposition to a threatening amendment in the Senate, which, if added, would undermine the heart of the bill’s liability protections for companies and could mean consumers continue to be open to more cybersecurity threats.

The CISA bill is expected to reach a full Senate floor vote early next week.

FSR issued a statement Wednesday urging Senators to vote down any amendments that might damage CISA’s progress.

FSR also recently launched a multi-media, multiple-week advocacy campaign urging the Senate to pass CISA. Click on the image below to see FSR’s full Stop Cyber Threats campaign.


Watch FSR’s new CISA video ad, “America Cannot Afford to Wait: Pass CISA Now” by clicking on the image below.


Also: Privacy Groups are Spreading CISA Myths

FSR Gets The Real Facts Straight from the Bill

Privacy groups are out in force spreading rumors about CISA. To correct these factually inaccurate myths, FSR read the full CISA bill and pulled the excerpts that directly rebut the privacy groups’ inaccuracies.

Privacy Group RUMOR: CISA will permit the sharing of Americans’ personal information with the government, while not strengthening cyber defenses.

WHAT THE BILL SAYS: CISA does not permit sharing Americans’ personal information. It is designed to encourage sharing of information directly related to cyber threat indicators ONLY in real time when the information will be most useful. (See the actual bill section in the image below)



WHAT THE BILL ALSO SAYS: Classified information has to be protected. That may even require a technical process put in place to remove any personal information that is not directly related to a cybersecurity threat. (See the actual bill section in the image below)



Privacy Group RUMOR: CISA includes inadequate protections prior to sharing.

WHAT THE BILL SAYS: It doesn’t get a whole lot clearer – CISA requires the removal of personal information. This empowers companies to PROTECT consumer personal information. (See the actual bill section in the image below)


Data Breach Legislation is Heating Up, But Don’t Get Stuck at the Pin Circus


A few merchant trade associations are working feverishly to convince policymakers that “Chip and PIN” is the panacea for preventing merchant data breaches and data security issues writ large. It’s a bunch of Gish Gallop, writes FSR VP of Government Affairs for Payments Jason Kratovil. Just because they say it, doesn’t make it true.

The major takeaways from Jason’s blog “Of Snake Oil, Pins and Breaches”:

  • About half of all fraud is fraud resulting from online or other “card not present” situations. Chip and PIN will not prevent this kind of fraud. PINs would only address fraud from lost or stolen cards.
  • In almost every single case of lost or stolen fraud, merchants have zero financial liability. MasterCard and Visa’s operating rules make this quite clear: the issuer is on the hook in almost every possible case of fraud resulting from a lost or stolen card. This is true whether there’s a chip on the card or not.
  • Consumers have zero liability for any of these types of fraud. Having that trusted relationship with consumers is something the financial industry is proud of, and is a motivating force behind much of the R&D our industry is doing to bring the next generation of dynamic authentication technologies to scale.
  • PINs are static, and static data elements are not anyone’s vision of the future of security. Retailer trade groups always fail to note a potential unpleasant side-effect of PIN usage: If compromised in a breach, PINs could give hackers direct access to funds in consumers’ checking accounts.

FSR also signed a joint trade letter Tuesday urging House lawmakers to support efforts to shift the market toward new generations of payments solutions that both retailers and financial institutions can implement to protect consumers from hackers.

FSR also issued a statement voicing its support for the Data Security Act of 2015, which will help better protect consumers from data breaches by requiring that retailers, as well as financial institutions of all sizes, develop and maintain robust internal procedures to secure customer data. Retailers are currently not subject to these requirements.

10 Reasons Why You Should Save for Retirement as Told By Viral Videos

What do Dramatic Chipmunk, Charlie Bit My Finger, Baby Panda Sneezing, Piano Playing Cat and Rick Astley have in common?

These 10 viral videos all showcase key reasons why Americans should aim to save at least 10 percent of their income toward retirement.


Like watching viral videos?

FSR also recently launched a nationwide ‘Save 10’ video contest with the goal of highlighting the most innovative and creative reasons “Who, When, Why or How” everyone should save 10 percent of their income toward retirement.

The Save 10 Stories contest includes a grand prize of $10,000 and nine first place prizes worth $1,000 each. Visit www.Save10.org to enter and see official rules.

FSR Responds to WSJ Article: “Companies to Workers: Start Saving More—Or We’ll Do It for You”

From FSR’s Blog:

This is the headline from a recent Wall Street Journal article by Kirsten Grind.

It sounds scary, but this is what it really means: “Workers, your employers are going to help you be prepared to enjoy your retirement, and they are going to give you some free cash.”

While there is no hyperbole about this statement, the article rightly points out that not nearly enough Americans are taking advantage of this free retirement cash from their employers.

From the article:
“If I put in less than 8%, I’m throwing money away,” said Chris Lurix, a 44-year-old Apache systems analyst in Houston, who cited the company’s willingness to match the higher savings rate as a partial reason why he took a job there three years ago.

My generation does not expect a pension. If many young workers today have thought at all about saving for retirement, they’ve grown up in a world where 401(k) and other retirement plans are the norm. But we do have other expectations from our employers and we want them to empower us to be set up for financial and professional success.

Employers, because of their unique role in the system, should be in the driver’s seat of workplace financial education and retirement savings—and this means beyond the typical annual benefits meeting. They, more than anybody, have the power to determine if workers will be prepared for retirement or not.

Most young people (and sadly even many mid-career workers) don’t understand how much they need to save because it can be complex, and when one is making a smaller salary, it’s more attractive to keep your cash. So the easy thing is to do nothing. That status quo has to change because we are looking at entire generations of Americans who will eventually be unable to work, yet unable to retire.

Automatic enrollment in retirement plans should be a basic standard among employers, and more businesses need to get on board.

UPDATE: 36% of U.S. Banks Purchased .BANK Domain Names

fTLD Director Craig Schwartz, who oversees the .BANK domain process for FSR and other stakeholders, explains how .BANK applications are growing:

From Craig’s blog: “In the United States there are approximately 6,800 banks. Right now, you’ll find most of them online at a .COM domain name—but all of that is starting to change.

Since May 2015, 2,465 banks have purchased one or more .BANK domain names—signaling their commitment to providing a trusted, verified and more secure location online for their banking services.

Purchasing a .BANK domain name is available only to verified members of the global banking community, and fTLD Registry Services, alongside trusted partners, ensures it stays that way.”

fTLD Registry’s recently released infographic paints a picture of what has been happening behind the scenes during the past six months to provide a trusted and more secure location on the Internet for banks and consumers. (See the number breakdown in the infographic below)


BLOG: International Insurance Regulators—Ready, Shoot, Aim

From FSR’s Regulatory Counsel Robert Hatch:

Earlier this month, the International Association of Insurance Supervisors (IAIS) checked off another box in its efforts to create a uniform regulatory standard for the insurance industry. This time, the IAIS released its framework for imposing a “Higher Loss Absorbency” (HLA) requirement on global systemically important insurers (G-SIIs). By releasing its HLA framework now, the IAIS stays on track to meet its goal for developing a common framework for regulating all internationally active insurance groups by 2019.

Observers of the banking industry know that the discussions and agreements of the international Basel Committee on Banking Supervision (BCBS) hold incredible sway over the development of U.S. capital rules for banks. As a result, companies within the U.S. financial system must watch carefully to determine if international discussions in the insurance space will also lead to a framework that they will later be forced to adopt.

Unfortunately for insurers and their customers, the IAIS’s policymaking process seems more focused on applying a bank-centric regulatory model as opposed to creating a nuanced framework that takes into account the unique elements of the insurance industry.